What Is a Short Code Audit?
When an SMS short code is provisioned by the wireless carriers, it's done so with the expectations that the owner of the short code will follow the rules for short codes set out in the CTIA Short Code Monitoring Handbook. While the majority of short code owners do follow the rules, it's still essential for the CTIA to do in-marketing monitoring of short codes, to ensure everyone's compliance.
A CTIA short code audit is triggered when a live short code program fails to meet the standards set out in the CTIA Short Code Monitoring Handbook. To find short codes that are not meeting the standards set out in the CTIA Short Code Monitoring Handbook, the CTIA employs a sophisticated in-market monitoring tool, which will review short code campaigns that are being advertised to the public.
CTIA issues compliance audits weekly for standard rate short codes leased with the Common Short Code Administration. CTIA audits are published at 2:00 AM EST every Tuesday, with audits covering issues with short code campaigns during the previous week.
CTIA distributes Audit Notices each week. Each CTIA short code audit will will include the following...
- Description of CTIA short code violation
- Unique Audit Number
- SMS Short Code
- SMS Service Provider
- SMS Aggregator (full list here)
- CTIA Audit Notice Date
- CTIA Audit Cure Date
CTIA short code audits are made available to all U.S. wireless carriers that support short code messaging.
Warning: The CTIA does not monitor TCPA compliance for short codes. This is the short code owner's responsibility.
CTIA Short Code Audit Severity Levels
All CTIA short code audits are designated different severity levels, based on how harmful the issue is to the consumer. The severity of the CTIA short code audit will determine how fast the CTIA and the wireless carriers require you to fix the issue, before they pursue more further options.
The different severity levels are listed below, with Severity 0 being reserved for the most extreme CTIA short code violations.
|Severity 0||Extreme consumer harm||Immediate||CTIA: Immediate registry suspension harm
Carriers: Vary by case; immediate suspension or termination possible
|Severity 1||Serious consumer||5 business days||CTIA: Unresolved audits; possible registry harm suspension
Carriers: Vary by case
|Severity 2||Moderate Consumer Harm||5 business days||CTIA: Vary by case consumer harm
Carriers: Vary by case
Based on the above severity chart, it's interesting to note that the vast majority of short code audits (80+%) result in a pass, and Severity 0 failures are rare. You can view the charts below to get a better understanding of the failure rates for each severity in short code audits, both in their advertising of the campaign, and the actual messaging of the campaign.
CTIA Short Code Violation Examples
When failures occur with the messaging flow of the campaign, the top violations are not including customer care contact information in messages, again missing "message & data rates may apply", and disclosing to the consumer in the messaging flow that they're opting in for recurring messages. You can see this in the chart below.
CTIA Short Code Audit Communications
Have you received a CTIA short code audit? Don't worry, the CTIA Compliance Care Team is here to help you! If you have a question about a CTIA audit, or need help, please lease a comment on the short code audit notice, or email email@example.com. The CTIA Compliance Care Team (Care Team) responds promptly to all messages regarding short code compliance. The CTIA Compliance Care Team is here to assist you as much as possible with understanding how to resolve short code violations and close CTIA short code audits.
CTIA Short Code Audit Retests
It's your responsibility as a short code owner to communicate to the CTIA Compliance Care Team after receiving a short code audit that the issue has been resolved.
If the CTIA Compliance Care Team does not hear back in response to a short code audit, or if the short code owner doesn't resolve the issue that triggered the audit notice, the short code is subject to further action by either the CTIA or the wireless carriers.
TV & Print Exceptions
The CTIA and the wireless carriers understand that it may not be possible to address an issue if the issue is caused by television or printed material. In these cases, short code owners may submit a short code retest request for a date further out than the required cure date. For a retest request for a violation caused by a television or print advertisement, a short code owner will have to give a clear explanation of the changes to be implemented on the next round of advertisements.
CTIA short code audits that are awaiting a retest due to a television or print advertisement, will be categorized as "Pending Retest".
CTIA Short Code Audit Appeals
If you believe that a CTIA short code audit is not valid, you may challenge the audit by emailing the CTIA Compliance Care Team at firstname.lastname@example.org. The challenge must be received before the cure date on the short code audit notice, and must include an explaination of why you think the short code audit is incorrect.
Reporting CTIA Short Code Violations
Have you found a short code that is violating any of the rules in the CTIA Short Code Monitoring Handbook? If so, please report violations to the CTIA Compliance Care Team at email@example.com. When reporting a short code violation, please include the following information.
- Location of the call-to-action
- SMS short code number
If the CTIA decides to take action against a short code owner for a violation, the person's information that reported the violation will be kept confidential.